lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4c09177b-119b-43b9-8d86-09d4af93c283@efficios.com>
Date: Wed, 23 Jul 2025 11:07:24 -0400
From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To: Indu Bhagat <indu.bhagat@...cle.com>, Steven Rostedt
 <rostedt@...dmis.org>, "Jose E. Marchesi" <jemarch@....org>
Cc: linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
 bpf@...r.kernel.org, x86@...nel.org, Masami Hiramatsu <mhiramat@...nel.org>,
 Josh Poimboeuf <jpoimboe@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
 Ingo Molnar <mingo@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
 Namhyung Kim <namhyung@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
 Andrii Nakryiko <andrii@...nel.org>,
 Beau Belgrave <beaub@...ux.microsoft.com>, Jens Remus
 <jremus@...ux.ibm.com>, Linus Torvalds <torvalds@...ux-foundation.org>,
 Andrew Morton <akpm@...ux-foundation.org>, Jens Axboe <axboe@...nel.dk>,
 Florian Weimer <fweimer@...hat.com>, Sam James <sam@...too.org>,
 Brian Robbins <brianrob@...rosoft.com>,
 Elena Zannoni <elena.zannoni@...cle.com>
Subject: Re: [RFC] New codectl(2) system call for sframe registration

On 2025-07-22 17:04, Indu Bhagat wrote:
> On 7/22/25 12:17 PM, Steven Rostedt wrote:
>> On Tue, 22 Jul 2025 20:56:47 +0200
>> "Jose E. Marchesi" <jemarch@....org> wrote:
>>
>>> I think glibc could "register" loaded SFrame data by just pointing the
>>> kernel to the VM address where it got loaded, "you got some SFrame
>>> there".  Starting from that address it is then possible to find the
>>> referred code locations just by applying the offsets, without needing
>>> any additional information nor ELF foobar...
>>>
>>> Or thats how I understand it.  Indu will undoubtly correct me if I am
>>> wrong 8-)
>>
>> Maybe I'm wrong, but if you know where the text is loaded (the final
>> location it is in memory), it is possible to figure out the relocations
>> in the sframe section.
>>
> 
> (FWIW, What Jose wrote is correct.)
> 
> Some details which may help clear up some confusion here.  The SFrame 
> sections are of type SHT_GNU_SFRAME and currently have SEC_ALLOC| 
> SEC_LOAD flags set.  This means that they are allocated memory and 
> loaded at application start up time.  These sections appear in a PT_LOAD 
> segment in the linked binaries.
> 
> Then there is a PT_GNU_SFRAME, which is a new program header type for 
> SFrame.  PT_GNU_SFRAME by itself does not trigger the loading of SFrame 
> sections.  But the .sframe sections being present in the PT_LOAD segment 
> does.
> 
>>>
>>>> In the future, if we wants to compress the sframe section, it will not
>>>> even be a loadable ELF section. But the system call can tell the
>>>> kernel: "there's a sframe compressed section at this offset/size in
>>>> this file" for this text address range and then the kernel will do the
>>>> rest.
>>>
>>> I think supporting compressed SFrame will probably require to do some
>>> sort of relocation of the offsets in the uncompressed data, depending on
>>> where the uncompressed data will get eventually loaded.
>>
>> Assuming that all the text is at a given offset, would that be enough
>> to fill in the blanks?
>>
> 
> Yes and No.  The offset at which the text is loaded is _one_ part of the 
> information to "fill in the blanks".  The other part is what to do with 
> that information (text_vma) or how to relocate the SFrame section itself 
> a.k.a. the relocation entries.  To know the relocations, one will need 
> to get access to the respective relocation section, and hence access to 
> the ELF section headers.

So AFAIU we have three main scenarios:

1) The dynamic loader allocates the sframe section, and possibly applies
    relocations before passing pointers to the start/end of that section
    to the kernel.

2) The dynamic loader only maps memory for the sframe section, without
    actually populating its content. It would register the sframe section
    to the kernel by providing a pathname and offset allowing the kernel
    to find the sframe information and populate it via the page fault
    handler. In that scenario, the kernel would be responsible to perform
    the relocations. Ideally the sframe layout would always contain
    offsets that are relative to the text_vma base, so the kernel could
    easily do the relocs. Is that the case ?

3) Variation on scenario 2: the sframe data is compressed in the file.
    The page fault handler is responsible to uncompress and apply relocs
    if need be.

Am I missing something ?

Thanks,

Mathieu

> 
>> As the text would have already been linked into memory before the
>> system call is made. If this is not the case, then we definitely need
>> the linker to load the sframe into memory before it does the system
>> call, and just give the kernel that address.
>>


-- 
Mathieu Desnoyers
EfficiOS Inc.
https://www.efficios.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ